27 matches found
CVE-2026-37596
SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/managedepartment.php...
PT-2026-32637
CVE-2026-37596 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/manage department.php. https://t.co/mauoyzh46T...
SourceCodester Online Employees Work From Home Attendance System 安全漏洞
SourceCodester Online Employees Work From Home Attendance System is an open-source online employee remote work attendance system developed by SourceCodester. Version 1.0 of the SourceCodester Online Employees Work From Home Attendance System contains a security vulnerability. This vulnerability...
EUVD-2025-4150
Malicious code in bioql PyPI...
EUVD-2023-52447
Malicious code in bioql PyPI...
EUVD-2023-52445
Malicious code in bioql PyPI...
Connect with the security community at Microsoft Ignite 2025
In today’s AI-powered world, security professionals are facing unprecedented challenges—and opportunities. As generative AI reshapes the digital landscape, the need for robust, intelligent, and adaptive security strategies has never been more urgent. At Microsoft Ignite 2025, we will showcase...
Connect with the security community at Microsoft Ignite 2025
In today’s AI-powered world, security professionals are facing unprecedented challenges—and opportunities. As generative AI reshapes the digital landscape, the need for robust, intelligent, and adaptive security strategies has never been more urgent. At Microsoft Ignite 2025, we will showcase...
CVE-2025-26158
A Stored Cross-Site Scripting XSS vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter...
CVE-2025-26158
A Stored Cross-Site Scripting XSS vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter...
CVE-2025-26158
A Stored Cross-Site Scripting XSS vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter...
CVE-2025-26158
CVE-2025-26158 is a stored XSS in Kashipara Online Attendance Management System v1.0, specifically the manage-employee.php page via the department parameter. Affected component: the script handling department input; vulnerability type: stored XSS with potential script execution by an attacker. Do...
Upcoming Speaking Events
This is a current list of where and when I am scheduled to speak: I'm speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM, in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts Institute of...
CVE-2023-48395
Kaifa Technology WebITR is an online attendance system, it has insufficient validation for user input within a special function. A remote attacker with regular user privilege can exploit this vulnerability to inject arbitrary SQL commands to read database...
CVE-2023-48394
Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. A remote attacker with regular user privilege can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service...
CVE-2023-48393
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message...
Design/Logic Flaw
Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit this vulnerability to access system with arbitrary user account, including administrator’s account, ...
CVE-2023-48395
The CVE describes an SQL injection in Kaifa Technology WebITR (online attendance system) caused by insufficient input validation in a particular function. An attacker with regular user privileges can exploit this to read the database by injecting arbitrary SQL commands. Several connected sources ...
CVE-2023-48394
CVE-2023-48394 affects Kaifa Technology WebITR (online attendance system). The issue lies in the file upload function, which does not restrict uploading of dangerous file types. A remote attacker with regular user privileges can upload arbitrary files to execute commands or disrupt service. Conne...
CVE-2023-48393 Kaifa Technology WebITR - Error Message Leakage
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message...